<html>
<head>
<title>Cookie with CR/LF injected (JavaScript)</title>
<script type="text/javascript" src="/shared/scripts/testcase.js"></script>
<script type="text/javascript" src="/shared/scripts/utils.js"></script>
<script type="text/javascript">
if (window.addEventListener) {
	window.addEventListener('load', f, false);
} else if (window.attachEvent) {
	window.attachEvent('onload', f);
} else {
	window.onload = f;
}

function f() {
    //Set-Cookie: cookie=NOMNOMNOM; domain=.com.
	var cookie_header = 'U2V0LUNvb2tpZTogY29va2llPU5PTU5PTU5PTTsgZG9tYWluPS5jb20u';
	var tc = new TestCase();
	tc.input = 'Set-Cookie: cookie=NOMNOMNOM; domain=.com. from attacker.com; ifr.src = victim.com/showRequest;';
	tc.description = 'Check if browser sends cookie set from attacker.com to victim.com by appending . to end of .com in cookie domain.';
	tc.expected_result = "not sent";
    var ifr = document.createElement('iframe');
    ifr.src = "/shared/resources/data.html?encode=b64&headers="+cookie_header;
    attach_event(ifr, "onload", (function () { 
        set_cookie(tc); 
    })
    );
    //tc.sendRequest('GET', 'showRequest', null, tc_parsehdrs_for_crlf);
}

function set_cookie(tc) {
    
}
</script>
</head>
<body></body>
</html>